DNS Amplification Attacks

That's exactly what my network diagrams in dia look like. You can get dia for *NIX and Blows (if you want it).

Howard C. Berkowitz wrote:

Much of the enterprise market seems wedded to Visio as their network graphics tool, which locks them into Windows. Personally, I hate both little pictures of equipment and Cisco hockey-puck icons; I much prefer things like rectangles saying "7507 STL-1" or "M160 NYC-3".

Assuming you use *NIX platforms (including BSD under Mac OS X), what are your preferred tools for network drawings, both for internal and external use? I'd hate to be driven to Windows only because I need Visio.

nethack.net - netmapr is an alternative as well.

I personally use Dia, and it seems fine in both OS types, and exports various types of files that [OOo/MS-office] can deal with easily.

You can download shapes for a variety of presenters/office/visio/etc from the cisco website (as well as others).

Cheers,
andy

Omnigraffle can read/write Visio XML format, .vdx

It's not Visio's default file format, but it does give you 100%
compatibility.

                                -Bill

:
: Not trying to start a Visio religious war, just saying there's a reason
: enterprises use it.
:

And it's not just that they think that having thousands of open stencil
windows is impressive when you open a single diagram?

Mark


Yo Howard!

Much of the enterprise market seems wedded to Visio as their network
graphics tool, which locks them into Windows. Personally, I hate both
little pictures of equipment and Cisco hockey-puck icons; I much
prefer things like rectangles saying "7507 STL-1" or "M160 NYC-3".

I am surprised no one has mentioned Open Office 2. It's drawing function
can do a lot of Visio like things. I like it a lot better than dia and
it does all the network drawing that I need.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
  gem@rellim.com Tel:+1(541)382-8588

If you save the document without any surplus stencil windows open, that doesn't happen. In my experience it simply remembers how many were open the last time it was saved, and reopens all the same ones again assuming they're available.

And this is rapidly moving OT ...

Mechanical pencil, a sheet of paper for a straight edge, and a penny when you want to make a professional looking round object. I publish to Flickr using macro mode on my Fuji Finepix 5100 to make the picture.

  No little Cisco hockey puck stencils, but last year when I sketched a steaming pile o' poo all parties involved understood this to be the Cisco ICS 7750 we were scheduled to replace.

Howard C. Berkowitz wrote:

I've had pretty good luck with OmniGraffle Professional, and, it's fairly
cheap, too. Has many of the features Visio has, and, is gaining more
on a regular basis. It lacks the Visio silly pictures (although you could
create your own easily enough), but, it does understand connections between
objects and has some more advanced metadata features I haven't yet learned
to use. It's also got half-way decent auto-layout capabilities.

http://www.omnigroup.com

Owen

Hi Howard,

Much of the enterprise market seems wedded to Visio as their network
graphics tool, which locks them into Windows. Personally, I hate both
little pictures of equipment and Cisco hockey-puck icons; I much
prefer things like rectangles saying "7507 STL-1" or "M160 NYC-3".

Assuming you use *NIX platforms (including BSD under Mac OS X), what
are your preferred tools for network drawings, both for internal and
external use? I'd hate to be driven to Windows only because I need
Visio.

I've been using inkscape (http://www.inkscape.org/) a bit recently, and
haven't found it too bad for basic box network drawings. Its native
format is SVG, although make sure you save your working diagrams in the
Inkscape SVG format. If you save it as "normal" SVG, all the objects get
merged into a single one - annoying if you want to go back and edit it
later. I haven't tried it, however there is a probability that Firefox
1.5 can view the .SVGs Inkscape produces natively.

Regards,
Mark.

If you're doing diagrams for internal use and know the chances of them
being used with external parties is slim-to-none, go ahead, play with
toys like dia.

Rather strong opinion...

PDFs are almost 100% acceptable, with a few losers left who won't
install a reader.

Hey, wait a minute!
DIA can export as Postscript and ghostscript can turn those
into PDFs. Therefore, you have contradicted your earlier
assertion.

By the way, there are other possibilities with DIA as
well. It is scriptable with Python so you can do useful things
like validate a diagram against the network.
http://www.gnome.org/projects/dia/python.html

There is also diacanvas2 which allows you to integrate the
DIA drawing canvas into your application.
http://diacanvas.sourceforge.net/

With diacanvas and python, you make an interactive network
diagram and bundle it into a Windows .exe file to distribute
to the sales force so they can do stuff like zoom in and out.

Fact is, that the availability of reasonably featured and
stable Open Source software has mushroomed over the past few years.

--Michael Dillon

In general, I don't know; however, the copy on my laptop (Firefox
1.5.0.1 on NetBSD-current) can display .svg files that happen to be on
my laptop. I haven't tried retrieving any over the net, where MIME
types are important.

    --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

* Peter Dambier:

In Germany censoring is commonplace. You have to use foreign resolvers
to escape it. There is a lot of collateral damage too - government has
provided the tools.

This is not true. There has been some questionable advice by a
regulatory body, though. Most damage is done by ISPs which simply do
not adjust the filters to the moving target and run them as-is since
2001 or so. Null routes tend to filter a different customer after
such a long time.

How about alternative roots? ICANN does censor "XN--55QX5D.", "XN--FIQS8S."
and "XN--IO0A7I." already. You must use alternative roots to exchange emails
with people living in those domains.

Unfortunately, they also censor "ENYO.".

* Andy Davidson:

DNS looking glasses, in much the same way that we use web-form based
BGP or traceroute looking glasses today.

Open resolvers are far better than looking glasses to assess the state
of DNS, and we are campaigning against them. You can't have it both
ways. 8-(

Florian Weimer wrote:

* Peter Dambier:

In Germany censoring is commonplace. You have to use foreign resolvers
to escape it. There is a lot of collateral damage too - government has
provided the tools.

This is not true. There has been some questionable advice by a
regulatory body, though. Most damage is done by ISPs which simply do
not adjust the filters to the moving target and run them as-is since
2001 or so. Null routes tend to filter a different customer after
such a long time.

Here it is documented. Sorry it is in German only:

http://odem.org/informationsfreiheit/

http://www.ccc.de/censorship/?language=de

http://www.netzzensur.de/demo/

http://www.politik-digital.de/edemocracy/netzrecht/dorf.shtml

A local city chieftain could claim ownership of an internet site located
in the USA and even capture their emails. As far as I am informed the
censorship at some ISPs is still active but they claim no longer to
be their mailhost.

I was informed of this DNS forgery because of the collateral damage
done. Several sites were censored and could only escape by changing
providers. At least one of the providers is bankrupt today. I don't
know if censoring was the reason why.

How about alternative roots? ICANN does censor "XN--55QX5D.", "XN--FIQS8S."
and "XN--IO0A7I." already. You must use alternative roots to exchange emails
with people living in those domains.

Unfortunately, they also censor "ENYO.".

That is the reason why :-)

Nevertheless I could see the site "http://www.enyo/"
after adding "212.9.189.164 www.enyo enyo" to my /etc/hosts
Maybe even could send you emails?

Kind regards
Peter and Karin Dambier

Florian Weimer wrote:

* Andy Davidson:

DNS looking glasses, in much the same way that we use web-form based
BGP or traceroute looking glasses today.

Open resolvers are far better than looking glasses to assess the state
of DNS, and we are campaigning against them. You can't have it both
ways. 8-(

It is not as good as an open resolver but maybe IEN116 nameservers
(the old port 42 nameserver) could do too but maybe some Windows boxes
would break. Originally the port 42 nameserver was left for dying but
with AXFR gone and open resolvers gone it might be a good idea to give
them a revival.

Cheers
Peter and Karin

* Peter Dambier:

This is not true. There has been some questionable advice by a
regulatory body, though. Most damage is done by ISPs which simply do
not adjust the filters to the moving target and run them as-is since
2001 or so. Null routes tend to filter a different customer after
such a long time.

Here it is documented. Sorry it is in German only:

Yeah, sure, but your summary is misleading (convenient it's "German
only", is it?). The actual damage was done by ISPs, that body only
gave questionable advice. Afterwards, most ISPs simply didn't care,
in the sense that they didn't maintain the filters.

Several sites were censored and could only escape by changing
providers.

It's more interesting if you can't do this. A null route on a router
in Frankfurt sometimes does wonders. It's also fairly effective to
null-route what is logically a downstream customer, even if it's
outside your network (by a few AS hops) and somewhere in Asia.

Such things happen all the time, and not just for DDoS prevention
purposes or malware containment. Some of the filters are clearly
targeted at specific content which is deemed unsuitable for
consumption by Germans. Such cases are not well-publicized. Often,
you can't tell them from genuine routing problems (and if you've got
insider information, you typically can't publish). I don't think this
is just a German or Chinese problem, by the way.

Nevertheless I could see the site "http://www.enyo/"
after adding "212.9.189.164 www.enyo enyo" to my /etc/hosts
Maybe even could send you emails?

No, because I don't actually use ENYO. 8->

* Peter Dambier:

...

> How about alternative roots? ICANN does censor "XN--55QX5D.", "XN--FIQS8S."
> and "XN--IO0A7I." already. You must use alternative roots to exchange emails
> with people living in those domains.

Unfortunately, they also censor "ENYO.".

"You keep using that word. I do not think it means what you think it
means."

The English-language dictionary does not contain the words willkommen or
verstehen. But that is NOT censorship. It is simply because those
words are not defined in that language.

The current root name servers - the REAL ones - have a limited set of
domains that are defined in them. They are not censoring any others.
The others are simply not (yet?) defined. I am sure that some have been
submitted and rejected. I believe that most of them have not even been
submitted.

Please drop this word "censor", since you hopefully now have a better
understanding of what it does NOT mean.

And, as someone else pointed out, you can always use your "hosts" file
if you want to have your own set of defined names that are not part of
shared DNS.

> DNS looking glasses, in much the same way that we use web-form based
> BGP or traceroute looking glasses today.

Open resolvers are far better than looking glasses to assess the state
of DNS, and we are campaigning against them. You can't have it both
ways. 8-(

What is the definition of "DNS Looking Glass"?
If it is a PERL CGI script then I would agree with you.
If it is a DNS proxy that applies rate limiting
and damping then I disagree with you.

--Michael Dillon

Please don't take ICANN censoring "XN--55QX5D.", "XN--FIQS8S." and
"XN--IO0A7I." seriously. Meant as a joke. Did not make it. Sorry!

Joseph S D Yao wrote:

"You keep using that word. I do not think it means what you think it
means."

My dictionary says censor is from Latin. A magistrate, let's call him a
politician like

http://odem.org/akteure/juergen-buessow.de.html

http://www.heise.de/tp/r4/artikel/12/12733/1.html

Sorry I have this guy only in German.

This guy ordered some local ISPs to make sites unavailable mostly by
forging DNS entries kept in their local resolvers. I was told by
people involuntarily working for him that more than 6000 sites were
involved. Quite a lot of them collateral damage.

The Latin version says this guy is taking things out of books so the
ordinary Roman was not annoyed by distasteful things. I guess you see
the irony.

Büssow meant to keep journalists from seeing sites in the USA and
Canada that would be prosecuted in Germany.

His helpers felt invited to do a lot more good and played some
tricks on their "friends". In Germany we do not pick a leaf from a
tree. We cut the tree and dig out the root.

If you have to live with a resolver that is answering as slowly as
this one

; <<>> DiG 9.1.3 <<>> www.peter-dambier.de @www-proxy.UL1.srv.t-online.de
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1092
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.peter-dambier.de. IN A

;; ANSWER SECTION:
www.peter-dambier.de. 6000 IN A 82.165.62.90

;; Query time: 2118 msec
;; SERVER: 217.237.150.141#53(www-proxy.UL1.srv.t-online.de)
;; WHEN: Thu Mar 23 13:59:57 2006
;; MSG SIZE rcvd: 54

my local ISP, then you feel tempted to use a foreign resolver. So
for me running my own independent resolver was a must.

But many of my colleagues are not computer science people. Many of the
poor buggers are running some flavour of Windows. For them it is life
behind the big Chinese firewall if they cannot find an open resolver.

Please excuse if I overreact a bit on this matter.

Cheers
Peter and Karin

(Karin is a writer too, but she is not the computer woman :-)
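As an added example (not from the thread or any of its participants): a Python script that parses dig output of exactly the shape quoted above and flags a slow answer or one that does not match a known-good address list, which is the kind of check that separates a resolver that is merely slow from one that is handing out forged entries. The sample dig text is the thread's own output embedded inline; the expected-address set and the 500 ms threshold are assumptions.

```python
import re

# Constructed sample: the dig output quoted in the thread, embedded so this runs offline.
SAMPLE_DIG = """\
; <<>> DiG 9.1.3 <<>> www.peter-dambier.de @www-proxy.UL1.srv.t-online.de
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1092
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.peter-dambier.de. IN A

;; ANSWER SECTION:
www.peter-dambier.de. 6000 IN A 82.165.62.90

;; Query time: 2118 msec
;; SERVER: 217.237.150.141#53(www-proxy.UL1.srv.t-online.de)
;; WHEN: Thu Mar 23 13:59:57 2006
;; MSG SIZE rcvd: 54
"""

def parse_dig(text):
    """Pull status, header flags, answer RRs and query time out of dig's text output."""
    r = {"status": "", "flags": set(), "answers": [], "query_ms": -1}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";; ->>HEADER<<-"):
            r["status"] = re.search(r"status: (\w+)", line).group(1)
        elif line.startswith(";; flags:"):
            r["flags"] = set(re.search(r"flags: ([^;]*);", line).group(1).split())
        elif line.startswith(";; Query time:"):
            r["query_ms"] = int(re.search(r"(\d+) msec", line).group(1))
        elif line.endswith("SECTION:"):
            section = line            # remember which section the next lines belong to
        elif section == ";; ANSWER SECTION:" and line and not line.startswith(";"):
            name, ttl, _cls, rtype, rdata = line.split(None, 4)
            r["answers"].append((name, int(ttl), rtype, rdata))
    return r

def assess(result, expected_a, max_ms=500):
    """Return a list of findings for one resolver's answer; an empty list means healthy."""
    findings = []
    if result["status"] != "NOERROR":
        findings.append("status " + result["status"])
    if "ra" not in result["flags"]:
        findings.append("recursion not available")
    got = {rdata for _, _, rtype, rdata in result["answers"] if rtype == "A"}
    if not got:
        findings.append("no A records in answer")
    elif not got <= set(expected_a):      # assumed known-good addresses for the name
        findings.append("answer %s differs from expected %s" % (sorted(got), sorted(expected_a)))
    if result["query_ms"] > max_ms:       # assumed latency threshold
        findings.append("slow lookup: %d msec" % result["query_ms"])
    return findings
```

Running `assess(parse_dig(SAMPLE_DIG), {"82.165.62.90"})` reports only the 2118 msec lookup; feed it the output of `dig <name> @<resolver>` for each resolver you want to compare.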

Please don't take ICANN censoring "XN--55QX5D.", "XN--FIQS8S." and
"XN--IO0A7I." seriously. Meant as a joke. Did not make it. Sorry!

I see. Thanks for the info.

My observation of human senses of humor is that humor is a mutual
rejection of information that shared experience says is not credible in
the shared frame of reality. Jokes that tend not to be understood tend
to be because the recipient of the joke does not share sufficient frame
of reality with the transmitter to ascertain that this is in fact
believed by both to be contrary to that frame of reality.

Or maybe that's just my own warped way of seeing it. But, no, I'm sorry
but I didn't realize it was a joke. ;-)

Joseph S D Yao wrote:
>
>"You keep using that word. I do not think it means what you think it
>means."

This was a quote from the movie, "The Princess Bride", which a number of
people - some of whom surprise me by this - seem to like to quote a lot.

My dictionary says censor is from Latin. A magistrate, let's call him a
politician like

Jürgen Büssow: District President, Düsseldorf District Government: CV, Biography (Internet filter/blocking/censorship)
http://www.wdr.de/themen/politik/nrw/demo_internetzensur/index.jhtml
Büssow and the CSU | Telepolis

Quite apt. This is exactly right. He removed things that were, shall
we say, difficult to reconcile with the official Roman reality. Too
many people still try to do this.

Sorry I have this guy only in German.

This guy ordered some local ISPs to make sites unavailable mostly by
forging DNS entries kept in their local resolvers. I was told by
people involuntarily working for him that more than 6000 sites were
involved. Quite a lot of them collateral damage.

The Latin version says this guy is taking things out of books so the
ordinary Roman was not annoyed by distasteful things. I guess you see
the irony.

In reference to the German politician, it is more than irony, it fits.

In reference to ICANN, not so good a fit. It was to that, that I had
been reacting.

Büssow meant to keep journalists from seeing sites in the USA and
Canada that would be prosecuted in Germany.

His helpers felt invited to do a lot more good and played some
tricks on their "friends". In Germany we do not pick a leaf from a
tree. We cut the tree and dig out the root.

;-] That trait has been observed by other national observers, yes,
although I don't think I've seen that fine analogy before.

If you have to live with a resolver that is answering as slowly as
this one

; <<>> DiG 9.1.3 <<>> www.peter-dambier.de @www-proxy.UL1.srv.t-online.de
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1092
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.peter-dambier.de. IN A

;; ANSWER SECTION:
www.peter-dambier.de. 6000 IN A 82.165.62.90

;; Query time: 2118 msec
;; SERVER: 217.237.150.141#53(www-proxy.UL1.srv.t-online.de)
;; WHEN: Thu Mar 23 13:59:57 2006
;; MSG SIZE rcvd: 54

my local ISP, then you feel tempted to use a foreign resolver. So
for me running my own independent resolver was a must.

Considering how often DNS is called in the background for many simple
transactions, a 2.118-second lookup is unconscionable. I agree with
your analysis.

But many of my colleagues are not computer science people. Many of the
poor buggers are running some flavour of Windows. For them it is life
behind the big Chinese firewall if they cannot find an open resolver.

Please excuse if I overreact a bit on this matter.

Whatever our disagreements on other matters, on this one I am in full
sympathy with you. ;-) ;-(